From: Kern Sibbald Date: Sat, 11 Jun 2005 19:27:48 +0000 (+0000) Subject: Updates X-Git-Tag: Release-1.38.0~379 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=aedafdf5425ba553768763598cf42b96d56bca22;p=bacula%2Fdocs Updates --- diff --git a/docs/manual/.cvsignore b/docs/manual/.cvsignore index ccafca61..be3d70cb 100644 --- a/docs/manual/.cvsignore +++ b/docs/manual/.cvsignore @@ -4,6 +4,7 @@ developers.html developers.pdf bacula.html bacula.pdf +dev-bacula.pdf bacula *.aux *.png diff --git a/docs/manual/Makefile b/docs/manual/Makefile index c32cbdc9..f8780fce 100644 --- a/docs/manual/Makefile +++ b/docs/manual/Makefile @@ -53,7 +53,7 @@ pdf: @cp -fp ${IMAGES}/hires/*.eps . dvipdfm -p a4 bacula.dvi # Rename for loading on Web site - mv bacula.pdf dev-bacula.pdf + @cp -f bacula.pdf dev-bacula.pdf @rm -f *.eps *.old dvipdf: @@ -61,7 +61,7 @@ dvipdf: @cp -fp ${IMAGES}/hires/*.eps . dvipdf bacula.dvi bacula.pdf # Rename for loading on Web site - mv bacula.pdf dev-bacula.pdf + @cp -f bacula.pdf dev-bacula.pdf @rm -f *.eps *.old @@ -87,11 +87,13 @@ html: @rm -f next.eps next.png prev.eps prev.png up.eps up.png latex2html -white -no_subdir -split 0 -toc_stars -white -notransparent \ -init_file latex2html-init.pl bacula >tex.out 2>&1 - @grep "unmatched" tex.out - @echo "opening brace #41 ... is expected" +# @grep -v "opening brace #41" tex.out >1 +# @mv -f 1 tex.out +# @grep "unmatched" tex.out @echo " " ./translate_images.pl --to_meaningful_names bacula.html @rm -f *.eps *.gif *.jpg + @echo "Done making html" devhtml: @echo "Making developers html" @@ -105,6 +107,7 @@ web: @echo "Making web" @mkdir -p bacula @cp -fp ${IMAGES}/*.eps *.txt ${IMAGES}/*.png bacula + @rm -f bacula/xp-*.png @(if [ -e bacula/imagename_translations ] ; then \ ./translate_images.pl --from_meaningful_names bacula/Bacula_Users_Guide.html; \ fi) 
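Review bot: In the `html` target the `grep "unmatched" tex.out` check is now commented out, so nothing reads tex.out any more and "Done making html" is printed whether or not latex2html reported unmatched braces; the second `web` hunk has the same gap before "Done making web". If the aim is only to hide the expected "opening brace #41" message, a pipeline does that without the scratch file named `1` that the commented-out lines would write into the build directory: `@grep -v "opening brace #41" tex.out | grep "unmatched" || true`. The `|| true` keeps grep's non-zero exit on "no match" from failing the recipe, which the old bare `@grep` line would have done on a clean run. The `html` recipe starts above this hunk, so any earlier handling of tex.out is not visible here.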
@@ -115,12 +118,13 @@ web: @rm -f bacula/next.eps bacula/next.png bacula/prev.eps bacula/prev.png bacula/up.eps bacula/up.png latex2html -split 4 -local_icons -t "Bacula User's Guide" -long_titles 4 \ -toc_stars -contents_in_nav -init_file latex2html-init.pl -white -notransparent bacula >tex.out 2>&1 - @grep "unmatched" tex.out - @echo "opening brace #41 ... is expected" - @./translate_images.pl --to_meaningful_names bacula/Bacula_Users_Guide.html - @cp -f bacula/Bacula_Freque_Asked_Questi.html bacula/faq.html - @rm -f *.eps *.gif *.jpg bacula/*.eps *.old - @rm -f bacula/xp-*.png +# grep -v "opening brace #41" tex.out >1 +# mv -f 1 tex.out +# grep "unmatched" tex.out + ./translate_images.pl --to_meaningful_names bacula/Bacula_Users_Guide.html + cp -f bacula/Bacula_Freque_Asked_Questi.html bacula/faq.html + @rm -f *.eps *.gif *.jpg bacula/*.eps *.old bacula/*.old + @echo "Done making web" devweb: @echo "Making developers web" @@ -161,4 +165,4 @@ clean: distclean: clean - @rm -f bacula.html bacula.pdf developers.html developers.pdf + @rm -f bacula.html bacula.pdf dev-bacula.pdf developers.html developers.pdf diff --git a/docs/manual/mysql.tex b/docs/manual/mysql.tex index 8a672bd7..735d978a 100644 --- a/docs/manual/mysql.tex +++ b/docs/manual/mysql.tex 
@@ -13,12 +13,13 @@ \addcontentsline{toc}{subsection}{Installing and Configuring MySQL -- Phase I} If you use the ./configure \verb{--{with-mysql=mysql-directory statement for -configuring {\bf Bacula}, you will need MySQL version 3.23.33 or later -installed in the {\bf mysql-directory} (we are currently using 3.23.56). If -MySQL is installed in the standard system location, you need only enter {\bf -\verb{--{with-mysql} since the configure program will search all the standard -locations. If you install MySQL in your home directory or some other -non-standard directory, you will need to provide the full path to it. +configuring {\bf Bacula}, you will need MySQL version 3.23.53 or later +installed in the {\bf mysql-directory}. +Bacula has been tested on MySQL version 4.1.12 and works fine. +If MySQL is installed in the standard system location, you need only enter +{\bf \verb{--{with-mysql} since the configure program will search all the +standard locations. If you install MySQL in your home directory or some +other non-standard directory, you will need to provide the full path to it. Installing and Configuring MySQL is not difficult but can be confusing the first time. As a consequence, below, we list the steps that we used to install @@ -48,13 +49,13 @@ command such as: \item cd {\bf mysql-source-directory} where you replace {\bf mysql-source-directory} with the directory name where -you put the MySQL source code. + you put the MySQL source code. \item ./configure \verb{--{enable-thread-safe-client \verb{--{prefix=mysql-directory where you replace {\bf mysql-directory} with the directory name where you -want to install mysql. Normally for system wide use this is /usr/local/mysql. -In my case, I use \~{}kern/mysql. + want to install mysql. Normally for system wide use this is /usr/local/mysql. + In my case, I use \~{}kern/mysql. \item make 
@@ -63,7 +64,7 @@ In my case, I use \~{}kern/mysql. \item make install This will put all the necessary binaries, libraries and support files into -the {\bf mysql-directory} that you specified above. + the {\bf mysql-directory} that you specified above. \item ./scripts/mysql\_install\_db @@ -84,8 +85,8 @@ Bacula}. Later after Bacula is installed, come back to this chapter to complete the installation. Please note, the installation files used in the second phase of the MySQL installation are created during the Bacula Installation. -\label{mysql_phase2} +\label{mysql_phase2} \subsection*{Installing and Configuring MySQL -- Phase II} \index[general]{Installing and Configuring MySQL -- Phase II } \index[general]{Phase II!Installing and Configuring MySQL -- } @@ -123,9 +124,11 @@ Now you will create the Bacula MySQL database and the tables that Bacula uses. \item ./grant\_mysql\_privileges - This script creates unrestricted access rights for {\bf kern}, {\bf kelvin}, -and {\bf bacula}. You may want to modify it to suit your situation. Please -note that none of these userids, including root, are password protected. + This script creates unrestricted access rights for the user {\bf bacula}. + You may want to modify it to suit your situation. Please + note that none of the userids, including root, are password protected. + If you need more security, please assign a password to the root user + and to bacula. The program {\bf mysqladmin} can be used for this. \item ./create\_mysql\_database diff --git a/docs/manual/tls.tex b/docs/manual/tls.tex index a5089922..6cd14e91 100644 --- a/docs/manual/tls.tex +++ b/docs/manual/tls.tex 
@@ -23,14 +23,13 @@ terms refer to the accepting and initiating peer, respectively. Diffie-Hellman anonymous ciphers are not supported by this code. The use of DH anonymous ciphers increases the code complexity and places -explicit trust upon the two-way Cram-MD5 implementation. Cram-MD5 is +explicit trust upon the two-way CRAM-MD5 implementation. CRAM-MD5 is subject to known plaintext attacks, and it should be considered considerably less secure than PKI certificate-based authentication. Appropriate autoconf macros have been added to detect and use OpenSSL if enabled on the {\bf ./configure} line with {\bf \verb?--?enable-openssl} - \subsection*{TLS Configuration Directives} \addcontentsline{toc}{section}{TLS Configuration Directives} Additional configuration directives have been added to all the daemons @@ -47,7 +46,10 @@ Require TLS connections. \item [TLS Certificate = \lt{}Directory\gt{}] Path to a PEM encoded TLS certificate. It can be used as either a client -or server certificate. +or server certificate. PEM stands for Privacy Enhanced Mail, but in +this context refers to how the certificates are encoded. It is used +because PEM files are base64 encoded and hence ASCII text based +rather than binary. They may also contain encrypted information. \item [TLS Key = \lt{}Directory\gt{}] Path to a PEM encoded TLS private key. It must correspond to the TLS 
@@ -56,8 +58,10 @@ certificate. \item [TLS Verify Peer = \lt{}yes|no\gt{}] Verify peer certificate. Instructs server to request and verify the client's x509 certificate. Any client certificate signed by a known-CA -will be accepted unless the TLS Allowed CN configuration directive is used. -Not valid in a client context. +will be accepted unless the TLS Allowed CN configuration directive is used, +in which case the client certificate must correspond to the Allowed +Common Name specified. This directive is valid only for a server +and not in a client context. \item [TLS Allowed CN = \lt{}string list\gt{}] Common name attribute of allowed peer certificates. If this directive is 
@@ -65,25 +69,34 @@ specified, all client certificates will be verified against this list. This directive may be specified more than once. It is not valid in a client context. -\item [TLS CA Certificate File = \lt{}Directory\gt{}] -Path to PEM encoded TLS CA certificate(s). Multiple certificates are +\item [TLS CA Certificate File = \lt{}Filename\gt{}] +The full path and filename specifying a +PEM encoded TLS CA certificate(s). Multiple certificates are permitted in the file. One of \emph{TLS CA Certificate File} or \emph{TLS CA Certificate Dir} are required in a server context if \emph{TLS Verify Peer} (see above) is also specified, and are always required in a client context. \item [TLS CA Certificate Dir = \lt{}Directory\gt{}] -Path to TLS CA certificate directory. In the current implementation, -certificates must be stored PEM encoded with OpenSSL-compatible hashes. +Full path to TLS CA certificate directory. In the current implementation, +certificates must be stored PEM encoded with OpenSSL-compatible hashes, +which is the subject name's hash and an extension of {bf .0}. One of \emph{TLS CA Certificate File} or \emph{TLS CA Certificate Dir} are required in a server context if \emph{TLS Verify Peer} is also specified, and are always required in a client context. \item [TLS DH File = \lt{}Directory\gt{}] Path to PEM encoded Diffie-Hellman parameter file. If this directive is -specified, DH ephemeral keying will be enabled, allowing for forward -secrecy of communications. This directive is only valid within a server -context. To generate the parameter file, you may use openssl: +specified, DH key exchange will be used for the ephemeral keying, allowing +for forward secrecy of communications. DH key exchange adds an additional +level of security because the key used for encryption/decryption by the +server and the client is computed on each end and thus is never passed over +the network if Diffie-Hellman key exchange is used. 
Even if DH key +exchange is not used, the encryption/decryption key is always passed +encrypted. This directive is only valid within a server context. + +To generate the parameter file, you +may use openssl: \begin{verbatim} openssl dhparam -out dh1024.pem -5 1024 diff --git a/docs/manual/win32.tex b/docs/manual/win32.tex index f58e5a3f..e4871306 100644 --- a/docs/manual/win32.tex +++ b/docs/manual/win32.tex @@ -17,7 +17,7 @@ below, we are referring to the File daemon only. The Windows version of the Bacula File daemon has been tested on Win98, WinMe, WinNT, and Win2000 systems. We have coded to support Win95, but no longer have a system for testing. The Windows version of Bacula is a native Win32 port, -but there are very few source code changes, which means that the Windows +but there are very few source code changes to the Unix code, which means that the Windows version is for the most part running code that has long proved stable on Unix systems. When running, it is perfectly integrated with Windows and displays its icon in the system icon tray, and provides a system tray menu to obtain 
@@ -41,14 +41,17 @@ NSIS Free Software installer, so if you have already installed Windows software, it should be very familiar to you. If you have a previous version Cygwin of Bacula (1.32 or lower) installed, you -should stop the service, uninstall it, and remove the directory possibly +should stop the service, uninstall it, and remove the Bacula installation directory possibly saving your bacula-fd.conf file for use with the new version you will install. The new native version of Bacula has far fewer files than the old Cygwin -version. +version, so it is better to start with a clean directory. Finally, proceed with the installation. \begin{itemize} +\item You must be logged in as Administrator to do a correct installation, + if not, please do so before continuing. + \item Simply double click on the {\bf winbacula-1.xx.0.exe} NSIS install icon. The actual name of the icon will vary from one release version to another. @@ -64,8 +67,8 @@ Finally, proceed with the installation. \item If you proceed, you will be asked to select the components to be installed. You may install the Bacula program (Bacula File Service) and or the documentation. Both will be installed in sub-directories of the install -location that you choose later. The components dialog looks like the -following: + location that you choose later. The components dialog looks like the + following: \addcontentsline{lof}{figure}{Win32 Component Selection Dialog} \includegraphics{./win32-pkg.eps} 
@@ -78,33 +81,32 @@ following: \item If you are installing for the first time, you will be asked if you want to edit the bacula-fd.conf file, and if you respond with yes, it will be opened in notepad. -\ + \item Then the installer will ask if you wish to install Bacula as a service. You should always choose to do so: \addcontentsline{lof}{figure}{Win32 Client Service Selection} \includegraphics{./win32-service.eps} -\ + \item If everything goes well, you will receive the following confirmation: \addcontentsline{lof}{figure}{Win32 Client Service Confirmation} -\includegraphics{./win32-service-ok.eps} + \includegraphics{./win32-service-ok.eps} -\ + \item Then you will be asked if you wish to start the service. If you respond with yes, any running Bacula will be shutdown and the new one started. You may see a DOS box momentarily appear on the screen as the service is started. -It should disappear in a second or two: + It should disappear in a second or two: \addcontentsline{lof}{figure}{Win32 Client Start} \includegraphics{./win32-start.eps} -\ -\item Finally, the finish dialog will appear: +\item Finally, the finish dialog will appear: \addcontentsline{lof}{figure}{Win32 Client Setup Completed} -\includegraphics{./win32-finish.eps} + \includegraphics{./win32-finish.eps} \ \end{itemize} @@ -112,9 +114,8 @@ It should disappear in a second or two: That should complete the installation process. When the Bacula File Server is ready to serve files, an icon \includegraphics{./idle.eps} representing a cassette (or tape) will appear in the system tray -\includegraphics{./tray-icon.eps}; right click on it and a menu will appear. -\ -\ \ \ \ \includegraphics{./menu.eps} +\includegraphics{./tray-icon.eps}; right click on it and a menu will appear.\\ +\includegraphics{./menu.eps}\\ The {\bf Events} item is currently unimplemented, by selecting the {\bf Status} item, you can verify whether any jobs are running or not. 
@@ -137,6 +138,12 @@ of {\bf c:\textbackslash{}bacula\textbackslash{}bin\textbackslash{}bacula-fd.conf} to ensure that it corresponds to your configuration. +Finally, but pulling up the Task Manager (ctl-alt-del), verify that Bacula +is running as a process (not an Application) with User Name SYSTEM. If this is +not the case, you probably have not installed Bacula while running as +Administrator, and hence it will be unlikely that Bacula can access +all the system files. + \subsection*{Uninstalling Bacula on Win32} \index[general]{Win32!Uninstalling Bacula } \index[general]{Uninstalling Bacula on Win32 } @@ -154,7 +161,7 @@ Windows Add/Remove Programs dialog found on the Control panel. The most likely source of problems is authentication when the Director attempts to connect to the File daemon that you installed. This can occur if the names and the passwords defined in the File daemon's configuration file -{\bf +{\bf c:\textbackslash{}bacula\textbackslash{}bin\textbackslash{}bacula-fd.conf} on the Windows machine do not match with the names and the passwords in the Director's configuration file {\bf bacula-dir.conf} located on your Unix/Linux @@ -423,6 +430,11 @@ However, a much better solution to working with and changing Win32 permissions is the program {\bf SetACL}, which can be found at \elink{http://setacl.sourceforge.net/ }{http://setacl.sourceforge.net/}. +If you have not installed Bacula while running as Administrator +and if Bacula is not running as a Process with the userid (User Name) SYSTEM, +then it is very unlikely that it will have sufficient permission to +access all your files. + Some users have experienced problems restoring files that participate in the Active Directory. They also report that changing the userid under which Bacula (bacula-fd.exe) runs, from SYSTEM to a Domain Admin userid, resolves